Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sbabu
Staff
Staff

Created on ‎08-27-2024 05:27 AM

Article Id 336706

Technical Tip: How to configure IPv6 PPPoE connection on Fortigate Firewall

Description This article describes configuring an IPv6 PPPoE connection on a WAN interface where IPv4 PPPoE is already configured.
Scope FortiGate V7.0.X and later versions.
Solution
  1. Create a Virtual PPPoE interface to get an IPv6 address through the UP-stream PPPoE server.

FGT_Main# show sys pppoe-interface
config system pppoe-interface
    edit "wan1-pppoe"
        set ipv6 enable
        set device "wan2"
        set username "Admin"   <--- Use ISP provided Username and password.
        set password "admin@123"
    next
end

  1. After PPPoE virtual interface is configured enable IPv6 DHCP mode. 

    FGT_Main # show sys interface wan1-pppoe
    config system interface
        edit "wan1-pppoe"
            set vdom "root"
            set mode pppoe
            set type tunnel
                config ipv6
                    set ip6-mode dhcp
                end
            set interface "wan2"
        next
    end

    After enabling the DHCP, a PPPoE req will be sent from the interface wan1-pppoe to the PPPoE server.

     

     

  2. It is possible to verify the assigned IPv6 address using the command below:

    FGT_Main # dia ipv6 address list
    dev=52 devname=wan1-pppoe flag=P scope=0 prefix=128 addr=240d:172:16:200::100 preferred=4294967295 valid=4294967295
    dev=52 devname=wan1-pppoe flag=P scope=253 prefix=10 addr=fe80::a5b:ed5:fffe:a445 preferred=4294967295 valid=4294967295

     

    Or:

     

    FGT_Main # config sys interface

    FGT_Main (interface) # edit wan1-pppoe

    FGT_Main (wan1-pppoe) # get
    name : wan1-pppoe
    vdom : root
    mode : pppoe
    ip : 172.16.200.66 255.255.255.255
    ......
    ipv6:
    ip6-mode : dhcp
    nd-mode : basic
    ip6-address : 240d:172:16:200::100/128 <---
    ip6-allowaccess : ping https ssh snmp http
    ip6-reachable-time : 0
    ip6-retrans-time : 0
    ip6-hop-limit : 0
    dhcp6-prefix-delegation: disable
    PPPOE Gateway : 172.16.200.65
    wccp : disable
    interface : wan2

     

     

  3. Configure a default route with the PPPoE virtual interface and try pinging any IPv6 servers. 

     

config router static6
    edit 1
        set device "wan1-pppoe"
    next
end

 

FGT_Main # exec ping6-options interface wan1

FGT_Main # exec ping6 google.com 

PING 2001:4860:4860::8888(2001:4860:4860::8888) 56 data bytes
64 bytes from 2001:4860:4860::8888: icmp_seq=1 ttl=255 time=1.05 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=2 ttl=255 time=0.480 ms
64 bytes from 2001:4860:4860::8888: icmp_seq=3 ttl=255 time=0.430 ms

 

If not receiving any IP address from the PPPoE server then collect the below command output and look for any errors.

 

dia de application pppoed -1
diag debug application ppp 255
dia de application dhcp6 -1
dia de enable
Labels:
1792
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.